Privacy-Model
NØNOS implements a multi-layered privacy model that protects user identity, browsing behavior, and data at every level of the stack.
Privacy Architecture
┌─────────────────────────────────────────────────────────────────────┐
│ NØNOS PRIVACY LAYERS │
└─────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ Layer 4: Application Privacy │
│ • Tracker blocking • Fingerprint protection • Cookie mgmt │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────────────────────────────────────────┐
│ Layer 3: Identity Privacy │
│ • ZK Identity proofs • Ephemeral pseudonyms • Key rotation │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────────────────────────────────────────┐
│ Layer 2: Content Privacy. │
│ • Cache mixing • AES-GCM encryption • Unlinkable requests │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────────────────────────────────────────┐
│ Layer 1: Network Privacy (via Anyone Network) │
│ • Onion routing • Multi-hop relay • IP masking │
│ (Handled by separate Anyone Network, not NONOS nodes) │
└─────────────────────────────────────────────────────────────┘Zero-Knowledge Identity
What It Does ?
ZK Identity allows you to prove membership in a group without revealing which member you are.
How It Works
Technical Details
Hash Function
Poseidon
ZK-friendly hash
Tree Type
Sparse Merkle
Efficient membership proofs
Tree Depth
20 levels
Supports 2²⁰ identities
Proof Size
~256 bytes
Compact verification
Privacy Properties
Anonymity: Cannot link proof to specific identity
Unlinkability: Multiple proofs cannot be connected
Non-repudiation: Valid proofs prove membership
Revocability: Identities can be removed from tree
Cache Mixing
Problem: Cache Timing Attacks
Without protection, caching reveals browsing patterns:
Solution: Encrypted, Mixed Caching
Technical Implementation
Tracking Protection
Blocked Trackers
NØNOS blocks tracking at multiple levels:
Network
DNS-level blocking
Analytics domains, ad networks
HTTP
Header stripping
Referrer, cookies, fingerprinting headers
Script
Pattern matching
Tracking pixels, beacon scripts
Storage
Isolation
Cross-site cookies, localStorage
Fingerprint Protection
Browser fingerprinting techniques blocked:
Network Privacy
Important: Traffic routing (onion/multi-hop routing) is handled by Anyone Network, a separate project. NONOS nodes provide cryptographic privacy services for the browser, NOT traffic routing.
How Network Privacy Works
The NØNOS browser achieves network privacy through integration with Anyone Network:
Encryption Layers
Transport
Noise (XX pattern)
P2P link encryption (NONOS)
Routing
Onion encryption
Multi-hop privacy (Anyone Network)
Content
AES-GCM
Cache encryption (NONOS)
Threat Model
What NØNOS protects against
Website tracking
Strong
Tracker blocking, fingerprint protection
Cross-site linking
Strong
ZK identity, cache mixing
Browser fingerprinting
Strong
Fingerprint protection, normalized values
Cache timing attacks
Strong
Encrypted cache with mixing
Identity correlation
Strong
ZK proofs, ephemeral pseudonyms
ISP surveillance
Strong
Via Anyone Network integration
What NONOS Does NOT Protect Against
Traffic routing
NONOS doesn't route traffic
Use Anyone Network for IP privacy
Compromised device
Cannot protect local data
Secure your device
User error
Logging into accounts de-anonymizes
Separate identities
Advanced timing attacks
Requires additional protection
Use Anyone Network
Privacy Configuration
Default Settings (Recommended)
Performance Mode
Comparison to Other Solutions
No central authority
✓
✓
✗
✗
ZK identity proofs
✓
✗
✗
✗
Tracker blocking
✓
✗
✗
Partial
Cache privacy
✓
✗
✗
✗
Economic incentives
✓
✗
✗
✗
Performance
Good
Slow
Fast
Fast
Learn More: See Cryptographic Primitives for implementation details.
Last updated
Was this helpful?